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DETAILED ACTION 



1 . Currently pending claims are 1 and 3 - 35. 

Response to Arguments 

2. Applicant's arguments with respect to the subject matter of the instant claims have been 
fully considered but are not persuasive. 

3. As per amended claim 1 , Applicant asserts (a) Grootwassink does not teach 
"establishing a communications link with the client access device to authenticate and authorize 
the user, including communicating an agent to the client access device, the agent operable to 
identify the client device configuration" (Remarks: Page 11 /4 th Para) wherein (b) Applicant 
argues that Grootwassink indicates "when a wireless unit initiates a communication in a visited 
service area, the visited system service provider attempts to find the wireless unit's identification 
(also referred to as registration information) from the HLR" and thus Grootwassink's "the VLR 
communicates the client configuration data with HLR" can not read on the above claim limitation 
(Remarks: Page 11 / Last Para). Examiner respectfully disagrees because Grootwassink 
teaches when a client mobile unit powers-on, the mobile unit first sends a registration request to 
a serving MSC when roaming into a VLR (Grootwassink: Column 5 Line 35 - 47) and therefore, 
after that, if a wireless unit initiates a communication in a visited service area, the VLR should 
be able to allocate the client mobile unit's identification information - If it can not find the 
required information, then it starts querying HLR (Grootwassink: Column 2 Line 48 - 51). 
Examiner notes the initial registration process initiated by the client mobile unit communicating 
with VLR evidently includes a series of registration granting / denial exchange messages 
between the VLR and the mobile unit and as such the process indeed matches the claim 
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language "including communicating an agent to the client access device, the agent operable to 
identify the client device configuration " as recited in the amended claim and as such Applicant's 
arguments are respectfully traversed. 

Claim Objections 

4. Claims 1 and 30 are objected to because of the following informalities: the original claim 
limitation, filed on 10/24/2007, includes " processing the client device configuration data includes 
determining if the client device configuration data meets predetermined security requirements ". 
However, this instant amended claim, filed on 4/29/2008, does not present this particular claim 
limitation (also without the strike-out). Examiner notes it is not clear the omitted claim limitation 
is intentional or is mistaken and as such the following examination is based upon the currently 
amended claims filed on 4/29/2008 in order to continue the prosecution. Appropriate 
correction(s) is (are) required. 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e)the invention was described in (1)an application for patent, published under section 122(b), by another 
filed in the United States before the invention by the applicant for patent or (2) a patent granted on an 
application for patent by another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 351(a) shall have the effects 
for purposes of this subsection of an application filed in the United States only if the international application 
designated the United States and was published under Article 21(2) of such treaty in the English language. 



5. Claims 32 and 34 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Grootwassink (U.S. Patent 7,031,705). 



Application/Control Number: 1 0/821 ,313 Page 4 

Art Unit: 2131 

As per claim 32 and 34, Grootwassink teaches a method to manage access to a network 
from a client access device, the method comprising: 

requesting access to the network, the requesting involving a first service access provider 
and a second service access provider (Grootwassink: Column 5 Line 35 - 47 and Column 2 
Line 33 - 67: a HLR is qualified as a second service access provider while a VLR as a first 
service access provider); 

authenticating a user associated with the client access device in an authentication and 
authorization exchange involving an agent communicated to the client access device, the agent 
operable to identify the client device (Grootwassink: Column 5 Line 35 - 47 and Column 2 Line 
47 - 67: the initial registration process initiated by the client mobile unit that includes a series of 
registration granting / denial exchange messages between the VLR and the mobile unit does 
match the claim language), wherein the user is a subscriber of the second service access 
provider (Grootwassink: Column 5 Line 35 - 47 and Column 2 Line 33 - 67: the user is a 
subscriber of the HLR); 

communicating client device configuration data to the second service access provider 
via the agent (Grootwassink: Column 5 Line 35 - 47, Column 2 Line 63 - 67 / Line 48 - 62 and 
Column 5 Line 3-10: Examiner notes the broadest and reasonable claim interpretations are 
made, according to MPEP 2111, such that a registration information is interpreted as a part of 
the device configuration data); 

processing the configuration data, by the second service provider (Grootwassink: 
Column 2 Line 47-67); 
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receiving a verification response from the second service access provider via the first 
service access provider (Grootwassink: Column 2 Line 63 - 67: the indication originating from 
the HLR (i.e. the second service access provider)); and 

if the user is authenticated and the verification response from the second service access 
provider indicates acceptance of the client device configuration data, accessing the network via 
the first service provider (Grootwassink: Column 2 Line 63 - 67 and Column 3 Line 2-4: the 
grant indication originating from the HLR (i.e. the second service access provider) and 
accessing the network via the VLR of the local network). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 
A person shall be entitled to a patent unless - 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 1 02 of this title, if the differences between the subject matter sought to be patented and the prior art 
are such that the subject matter as a whole would have been obvious at the time the invention was made to 
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

6. Claims 1 and 3 - 31, 33 and 35 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Grootwassink (U.S. Patent 7,031,705), in view of Albert et al. (U.S. Patent 
2003/0177389). 

As per claim 1 and 30, Grootwassink teaches a method comprising: 
performing, in a service access provider, operations including: 
receiving an access request from a client access device (the mobile unit sends a 
registration request to a serving MSC when roaming into a VLR (Grootwassink: Column 5 Line 
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35 - 47 and Column 4 Line 12-20: Examiner notes (a) a VLR is interpreted as a first service 
access provider and (b) the registration to a VLR is just like a log-in process for accessing to a 
computer system and hence is equivalent to access request to a VLR, which can allow or 
denies the service request accordingly (Grootwassink: Column 4 Line 20)), the access request 
requesting access to a packet-switched computer network , wherein a user associated with the 
client access device is a subscriber of a second service access provider (Grootwassink: 
Column 2 Line 47 - 67 and Column 1 Line 15 - 41 : (a) a HLR is qualified as a second service 
access provider while a VLR as a first service access provider (b) mobile wireless 
communication network is indeed implemented as a message-based packet switching network 
technology to handle the messages exchanged between the provider and the clients ): 

establishing a communications link with the client access device to authenticate and 
authorize the user, including communicating an agent to the client access device, the agent 
operable to identify the client device (Grootwassink: Column 5 Line 35 - 47 and Column 2 Line 
47 - 67: the initial registration process initiated by the client mobile unit that includes a series of 
registration granting / denial exchange messages between the VLR and the mobile unit does 
match the claim language); 

receiving client device configuration data from the agent over the communications link 
during an authentication and authorization exchange (Column 5 Line 35 - 47, Column 2 Line 63 
- 67 / Line 48 - 62 and Column 5 Line 3 - 10: Examiner notes the broadest and reasonable 
claim interpretations are made, according to MPEP 2111, such that a registration information is 
interpreted as a part of the device configuration data); 

transmitting the client device configuration data destined for the second service access 
provider, wherein the second service access provider is operable to process the client device 
configuration data (Grootwassink: Column 2 Line 47 - 67); and 
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receiving an indication about whether the client access device is granted access to the 
network, the indication originating from the second service access provider (Grootwassink: 
Column 2 Line 63 - 67 and Column 3 Line 2-4: the grant indication originating from the HLR 
(i.e. the second service access provider) and accessing the network via the VLR of the local 
network). 

Grootwassink does not disclose expressly selectively granting the client access device 
access to the network based upon the client device configuration data. 

Albert teaches selectively granting the client access device access to the network based 
upon the client device configuration data (Albert: Para [0067] Line 7-10 and [0066] & Figure 3: 
the user's individual security setting associated with the client device is qualified as client 
device configuration data ). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Albert within the system of Grootwassink 
because (a) Grootwassink teaches providing a security validation for a roamer including 
personal communication service (PCS) units in a wireless network (Grootwassink : Column 1 
Line 25 - 28 / Line 34 - 40 and Column 2 Line 6-10) and (b) Albert teaches providing 
enhanced authenticating method by using the security enforcement module that applies access 
security policy for regulating access at a client device including mobile computer users in a 
wireless network (Albert: Para [0008] Line 4 - 13 and Para [0024]). 

As per claim 3, Grootwassink as modified teaches determining if the client device 
configuration data meets predetermined security requirements includes comparing the client 
device configuration data with reference configuration data (Grootwassink: Column 2 Line 63 - 
67) & (Albert: Para [0067] Line 7 - 10 and [0066] & Figure 3). 
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As per claim 4 and 19, Grootwassink as modified teaches the second service access 
provider is further operable to update the client device configuration data if the client device 
configuration data fails to meet the predetermined security requirements (Albert: Para [0066], 
[0025], [0072] and [0085] - [0098] & Figure 3: the corporate security policies that are 
predefined and assigned to the user are typically downloaded to the user's device from an 
integrity server). 

As per claim 5 and 20, Grootwassink as modified teaches selectively granting the client 
access device access to the network includes, denying access to the network if the client 
device configuration data is not updated (Albert: [0066] & Figure 3: the last sentence) & (Albert: 
Para [0067] Line 7 - 10 and [0066] & Figure 3). 

As per claim 6, Grootwassink as modified teaches the agent operable to identify the 
client device configuration data and to communicate the client device configuration data to a 
server of the network (Grootwassink: Column 2 Line 47 - 67 and Column 5 Line 6-10: the 
VLR communicates the client configuration data with the HLR) & (Albert: Para [0067] Line 7 - 
10 and [0066] & Figure 3). 

As per claim 7 and 22, Grootwassink as modified teaches if after the processing of the 
client device configuration data the client device configuration data requires an update, using 
the agent to update the client, access device with updated configuration data (Albert: Para 
[0066], [0025], [0072] and [0085] - [0098] & Figure 3: the corporate security policies that are 
predefined and assigned to the user are typically downloaded to the user's device from an 
integrity server). 
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As per claim 8 and 23, Grootwassink as modified teaches after updating the client 
access device, receiving an update result indicator from the agent to confirm that the 
configuration of the client access device has been updated (Albert: Para [0072]). 

As per claim 9, Grootwassink as modified teaches the establishing of the 
communications link with the client access device includes communicating a command set, 
which includes at least one command, to the client access device, the command set operable 
to identify the client device configuration data and to communicate the client device 
configuration data to a server of the network (Grootwassink: Column 2 Line 47 - 67 and 
Column 5 Line 6 - 10: a command set, for example, is to find out the wireless unit's 
identification (or registration information) & (Albert: Para [0067] Line 7-10 and [0066] & Figure 
3). 

As per claim 1 0 and 25, Grootwassink as modified teaches if after the processing of the 
client device configuration data the client device configuration data requires an update, using 
the command set to update the client access device with updated configuration data (Albert: 
Para [0066], [0025], [0072] and [0085] - [0098] & Figure 3: the corporate security policies that 
are predefined and assigned to the user are typically downloaded to the user's device from an 
integrity server). 

As per claim 1 1 and 27, Grootwassink as modified teaches the command set further 
includes a first command set to identify and communicate the client device configuration data to 
the server (Grootwassink: Column 2 Line 47 - 67 and Column 5 Line 6 - 10: a command set, 
for example, is to find out the wireless unit's identification (or registration information)), and a 
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second command set to update the client access device with the updated configuration data 
((Albert: Para [0066], [0025], [0072] and [0085] - [0098] & Figure 3: the corporate security 
policies that are predefined and assigned to the user are typically downloaded to the user's 
device from an integrity server). 

As per claim 12 and 26, Grootwassink as modified teaches after updating the client 
access device, receiving an update result indicator from the client access device to confirm that 
the configuration of the client access device has been updated (Albert: Para [0096] - [0098] & 
Figure 3). 

As per claim 13, Grootwassink as modified teaches after establishing communications 
with the client access device, authenticating a user associated with the client access device 
(Grootwassink: Column 2 Line 47 - 67 and Column 5 Line 6 - 10) & (Albert: Para [0067] Line 7 

- 10 and [0066] & Figure 3). 

As per claim 14, Grootwassink as modified teaches authenticating the user includes 
verifying user login information associated with the user attempting access to the network 
(Grootwassink: Column 2 Line 20 - 25 and Column 5 Line 6 - 10) & (Albert: Para [0067] Line 7 

- 10 and [0066] & Figure 3). 

As per claim 1 5, 29 and 31 , Grootwassink as modified teaches the client device 
configuration data includes at least one of virus definition data, firewall configuration data, and 
operating system configuration data (Albert: Para [0090]: a message sent by the of client 
security module is a "firewall" event control related configuration data) 
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As per claim 16, Grootwassink as modified teaches a system to verify configuration data 
of a client access device requesting access to a network, the system comprising: 

a first service access provider (Grootwassink: Column 2 Line 33 - 46: a VLR is qualified 
as a first service access provider), coupled to a network, to establish a communications link to 
the client access device to receive, from the client access device, authentication information for 
a user associated with the client access device (Grootwassink: Column 5 Line 35 - 47 and 
Column 2 Line 63 - 67), including communicating an agent to the client access device, the 
agent operable to identify the client device configuration (Grootwassink: Column 5 Line 35 - 47 
and Column 2 Line 47 - 67: the initial registration process initiated by the client mobile unit that 
includes a series of registration granting / denial exchange messages between the VLR and the 
mobile unit does match the claim language) to receive the configuration data from the client 
access device over the communications link during an authentication and authorization 
exchange (Grootwassink: Column 5 Line 35 - 47, Column 2 Line 63 - 67 / Line 48 - 62 and 
Column 5 Line 3-10: Examiner notes the broadest and reasonable claim interpretations are 
made, according to MPEP 2111, such that a registration information is interpreted as a part of 
the device configuration data); and 

a second service access provider to receive the authentication information and the 
configuration data from the first service access provider, to process the configuration data 
(Grootwassink: Column 2 Line 63 - 67 and Column 3 Line 2-4: the grant indication originating 
from the HLR (i.e. the second service access provider) and accessing the network via the VLR 
of the local network). 

Grootwassink does not disclose expressly selectively granting the client access device 
access to the network based upon the client device configuration data. 
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Albert teaches selectively granting the client access device access to the network based 
upon the client device configuration data (Albert: Para [0067] Line 7-10 and [0066] & Figure 3: 
the user's individual security setting associated with the client device is qualified as client 
device configuration data ). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Albert within the system of Grootwassink 
because (a) Grootwassink teaches providing a security validation for a roamer including 
personal communication service (PCS) units in a wireless network (Grootwassink : Column 1 
Line 25 - 28 / Line 34 - 40 and Column 2 Line 6-10) and (b) Albert teaches providing 
enhanced authenticating method by using the security enforcement module that applies access 
security policy for regulating access at a client device including mobile computer users in a 
wireless network (Albert: Para [0008] Line 4 - 13 and Para [0024]). 

As per claim 17, Grootwassink as modified teaches processing the client device 
configuration data includes determining if the client device configuration data meets 
predetermined security requirements (Grootwassink: Column 2 Line 63 - 67). 

As per claim 18, Grootwassink as modified teaches determining if the client device 
configuration data meets predetermined security requirements includes comparing the client 
device configuration data with reference configuration data (Grootwassink: Column 2 Line 63 - 
67). 

As per claim 21, Grootwassink as modified teaches the establishing of the 
communications link with the client access device includes, communicating an agent to the 
client access device, the agent operable to identify the client device configuration data and to 
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communicate the client device configuration data to a server of the network (Grootwassink: 
Column 2 Line 47 - 67 and Column 5 Line 6-10: the VLR communicates the client 
configuration data with the HLR). 

As per claim 24, Grootwassink as modified teaches the establishing of the 
communications link with the client access device includes communicating a command set, 
which includes at least one command, to the client access device, the command set operable 
to identify the client device configuration data and to communicate the client device 
configuration data to a server of the network (Grootwassink: Column 2 Line 47 - 67 and 
Column 5 Line 6 - 10: a command set, for example, is to find out the wireless unit's 
identification (or registration information)). 

As per claim 28, Grootwassink as modified teaches after establishing communications 
with the client access device, authenticating a user associated with the client access device 
(Grootwassink: Column 2 Line 47 - 67 and Column 5 Line 6-10). 

As per claim 33 and 35, Grootwassink does not disclose expressly prior to receiving a 
verification response, updated configuration data is received from the network access system to 
replace the client device configuration data. 

Albert teaches prior to receiving a verification response, updated configuration data is 
received from the network access system to replace the client device configuration data (Albert: 
Para [0066] Para [0097] and [0098]: the integrity server updates and installs the security policies 
on the client device and may deny the client's access to the network if the required security 
policy or module is not subsequently activated by the client device). 
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Same rationale of combination applies herein as above in rejecting the claim 1. 
Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant 
is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to LONGBIT CHAI whose telephone number is (571)272-3788. The 
examiner can normally be reached on Monday-Friday 9:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Longbit Chai/ 

Longbit Chai Ph.D. 
Patent Examiner 
Art Unit 2131 
5/27/2008 



